ExitWindowsEx fails even after adjusting my privilege token

1k views Asked by At

I'm trying to shutdown Windows programmatically:

Function ExitWindows() As Integer
  Declare Function GetCurrentProcess Lib "Kernel32" () As Integer
  Declare Function OpenProcessToken Lib "AdvApi32" (handle As Integer, access As Integer, ByRef tHandle As Integer) As Boolean
  Declare Function LookupPrivilegeValueW Lib "AdvApi32" (sysName As Ptr, privName As WString, Luid As Ptr) As Boolean
  Declare Function AdjustTokenPrivileges Lib "AdvApi32" (tHandle As Integer, disableAllPrivs As Boolean, newState As Ptr, buffLength As Integer, prevPrivs As Ptr, ByRef retLen As Integer) As Boolean
  Declare Function ExitWindowsEx Lib "User32" (flags As Integer, reason As Integer) As Boolean
  Declare Function GetLastError Lib "Kernel32" () As Integer

  Const SE_PRIVILEGE_ENABLED = &h00000002
  Const TOKEN_QUERY = &h00000008
  Const TOKEN_ADJUST_PRIVILEGES = &h00000020
  Const SE_SHUTDOWN_NAME = "SeShutdownPrivilege"
  Const EWX_SHUTDOWN = &h00000001

  Dim pHandle As Integer = GetCurrentProcess()   //a handle to the current process
  Dim tHandle As Integer                         //a handle to the token

  If OpenProcessToken(pHandle, TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, tHandle) Then
    Dim mb As New MemoryBlock(8)
    mb.UInt32Value(0) = 1
    mb.Int32Value(4) = SE_PRIVILEGE_ENABLED
    Dim pt As Ptr
    If LookupPrivilegeValueW(Nil, "SeShutdownPrivilege", mb) Then
      Dim z As Integer
      If AdjustTokenPrivileges(tHandle, False, mb, mb.Size, pt, z) Then
        If Not ExitWindowsEx(EWX_SHUTDOWN, 0) Then
          Return GetLastError()     //Returns 1314
        End If
      Else 
        Return GetLastError()
      End If
    Else
      Return GetLastError()
    End If
  Else
    Return GetLastError()
  End If
End Function

Each function call succeeds except for ExitWindowsEx, which invariably will fail with error code 1314 (Privilege not held) even when running as Admin. Reboot has the same problem but Logoff works.

What am I doing wrong here?

1

There are 1 answers

0
Werner Henze On BEST ANSWER

You are calling LookupPrivilegeValueW with a wrong mb and passing a wrong mb to AdjustTokenPrivileges.

Dim luid As New MemoryBlock(8)
If LookupPrivilegeValueW(Nil, "SeShutdownPrivilege", luid) Then     
   Dim mb As New MemoryBlock(16)
   mb.UInt32Value(0) = 1
   mb.UInt32Value(4) = luid.UInt32Value(0)
   mb.UInt32Value(8) = luid.UInt32Value(4)
   mb.UInt32Value(12) = SE_PRIVILEGE_ENABLED
   Dim z As Integer
   If AdjustTokenPrivileges(tHandle, False, mb, mb.Size, pt, z) Then